Bug 433558 - segmentation fault when the stream with a wrapper is not closed
segmentation fault when the stream with a wrapper is not closed
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: php (Show other bugs)
4.6
All Linux
low Severity low
: rc
: ---
Assigned To: Joe Orton
: Patch
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-02-19 19:03 EST by Andrew Ryan
Modified: 2010-10-22 18:38 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-05-18 16:33:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch backported to php-4.3.9 (2.00 KB, patch)
2008-02-19 19:03 EST, David Robinson
no flags Details | Diff
reproducer (304 bytes, application/x-php)
2008-02-19 19:03 EST, David Robinson
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
PHP Bug Tracker 27469 None None None Never

  None (edit)
Description David Robinson 2008-02-19 19:03:04 EST
Description of problem:
A custom stream wrapper will cause PHP to segfault if the stream's file
descriptor is not explicitly closed.

Version-Release number of selected component (if applicable):
php-4.3.9
RHEL 4.6

How reproducible:
100%

Steps to Reproduce:
1. php reproducer.php
  
Actual results:
(segmentation fault)
$ php reproducer.php 
Content-type: text/html
X-Powered-By: PHP/4.3.9

0.69239000 1203460771 
Segmentation fault

Expected results:
(no segmentation fault)
$ php reproducer.php
Content-type: text/html
X-Powered-By: PHP/4.3.9

0.16836000 1203465750

Additional info:
This problem is php bug 32742: http://bugs.php.net/bug.php?id=32742
The segmentation fault does not occur if the "fclose ($fp);" line in the
reproducer is uncommented.

The upstream cvs commits that solve the problem are:
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.543.2.50&r2=1.543.2.51&pathrev=PHP_4_3
http://cvs.php.net/viewvc.cgi/php-src/main/streams.c?hideattic=0&r1=1.125.2.95&r2=1.125.2.96
http://cvs.php.net/viewvc.cgi/php-src/main/php_streams.h?r1=1.61.2.17&r2=1.61.2.18&pathrev=PHP_4_3
http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.512.2.62&r2=1.512.2.63&pathrev=PHP_4_3

A patch to correct the problem is attached.
Comment 1 David Robinson 2008-02-19 19:03:04 EST
Created attachment 295358 [details]
patch backported to php-4.3.9
Comment 2 David Robinson 2008-02-19 19:03:55 EST
Created attachment 295359 [details]
reproducer
Comment 4 RHEL Product and Program Management 2008-09-05 13:16:17 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 10 errata-xmlrpc 2009-05-18 16:33:00 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1013.html

Note You need to log in before you can comment on or make changes to this bug.